v0.7

What's Changed

• add fapolicyd-hardening module preventing usage of sigstop, sigkill and ptrace by @rmetrich in #15
• Rename all /var/run file context entries to /run by @zpytela in #17
• Allow fapolicyd to connect to Winbind for user/group resolution by @rmetrich in #16
• Allow fapolicyd connect to systemd-userdbd over a unix socket by @zpytela in #18
• Make systemd_userdbd_stream_connect() interface call conditional by @zpytela in #19

New Contributors

• @rmetrich made their first contribution in #15

Full Changelog: v0.6...v0.7

v0.6

What's Changed

• consolidate rules using macros and make it compatible with the base policy versions without the respecitve macros by @sopos in #14

New Contributors

• @sopos made their first contribution in #14

Full Changelog: v0.5...v0.6

v0.5

What's Changed

• Allow fapolicyd watch boot and home directories by @zpytela in #9
• Setup github actions by @radosroka in #8
• Allow fapolicyd watch all files and directories by @zpytela in #10
• Replace "naked" allow rules with a macro by @vmojzis in #11

New Contributors

• @vmojzis made their first contribution in #11

Full Changelog: v0.4...v0.5

Regular fapolicyd-selinux release

v0.4

v0.4

New version of selinux policy

Upadate fapolicyd-selinux

Added fapolicyd_config_t label for /etc/fapolicyd.
Make fapolicyd a base read only file-readable for all domains.
Allow fapolicyd to execute generic programs in system bin directories (/bin, /sbin, /usr/bin, /usr/sbin) a without domain transition.

Initial release

This is the first release of fapolicyd selinux policy.